From 66c3fa9eec95ae3e68ec0c4c5e1b0f7eb636b21c Mon Sep 17 00:00:00 2001
From: Daniel Jiang <jiangd@vmware.com>
Date: Thu, 3 Sep 2020 11:31:57 +0800
Subject: [PATCH] Return basic auth challenge for /v2/_catalog (#12956)

Fixes #12192

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
---
 src/server/middleware/v2auth/auth.go      | 6 ++++--
 src/server/middleware/v2auth/auth_test.go | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/server/middleware/v2auth/auth.go b/src/server/middleware/v2auth/auth.go
index 62906d9d5..21db2cd3f 100644
--- a/src/server/middleware/v2auth/auth.go
+++ b/src/server/middleware/v2auth/auth.go
@@ -16,6 +16,7 @@ package v2auth
 
 import (
 	"fmt"
+	"github.com/goharbor/harbor/src/lib"
 	lib_http "github.com/goharbor/harbor/src/lib/http"
 	"net/http"
 	"net/url"
@@ -84,8 +85,9 @@ func (rc *reqChecker) projectID(name string) (int64, error) {
 func getChallenge(req *http.Request, accessList []access) string {
 	logger := log.G(req.Context())
 	auth := req.Header.Get(authHeader)
-	if len(auth) > 0 {
-		// Return basic auth challenge by default
+	if len(auth) > 0 ||
+		len(lib.V2CatalogURLRe.FindStringSubmatch(req.URL.Path)) == 1 {
+		// Return basic auth challenge by default, incl. request to '/v2/_catalog'
 		return `Basic realm="harbor"`
 	}
 	// No auth header, treat it as CLI and redirect to token service
diff --git a/src/server/middleware/v2auth/auth_test.go b/src/server/middleware/v2auth/auth_test.go
index a31301abb..b56084b92 100644
--- a/src/server/middleware/v2auth/auth_test.go
+++ b/src/server/middleware/v2auth/auth_test.go
@@ -262,7 +262,7 @@ func TestGetChallenge(t *testing.T) {
 		},
 		{
 			request:   req2,
-			challenge: `Bearer realm="https://harbor.test/service/token",service="harbor-registry"`,
+			challenge: `Basic realm="harbor"`,
 		},
 		{
 			request:   req2x,